diff --git a/app/Http/Controllers/EjaculationController.php b/app/Http/Controllers/EjaculationController.php index cf11294..aa770ca 100644 --- a/app/Http/Controllers/EjaculationController.php +++ b/app/Http/Controllers/EjaculationController.php @@ -106,6 +106,10 @@ class EjaculationController extends Controller { $ejaculation = Ejaculation::findOrFail($id); + if (Auth::user()->cant('edit', $ejaculation)) { + abort(403); + } + return view('ejaculation.edit')->with(compact('ejaculation')); } @@ -113,6 +117,10 @@ class EjaculationController extends Controller { $ejaculation = Ejaculation::findOrFail($id); + if (Auth::user()->cant('edit', $ejaculation)) { + abort(403); + } + $inputs = $request->all(); $validator = Validator::make($inputs, [ @@ -163,6 +171,11 @@ class EjaculationController extends Controller public function destroy($id) { $ejaculation = Ejaculation::findOrFail($id); + + if (Auth::user()->cant('edit', $ejaculation)) { + abort(403); + } + $user = User::findOrFail($ejaculation->user_id); $ejaculation->tags()->detach(); $ejaculation->delete(); diff --git a/app/Policies/EjaculationPolicy.php b/app/Policies/EjaculationPolicy.php new file mode 100644 index 0000000..d4f7f9d --- /dev/null +++ b/app/Policies/EjaculationPolicy.php @@ -0,0 +1,27 @@ +id === $ejaculation->user_id; + } +} diff --git a/app/Providers/AuthServiceProvider.php b/app/Providers/AuthServiceProvider.php index 600ff72..dd25e21 100644 --- a/app/Providers/AuthServiceProvider.php +++ b/app/Providers/AuthServiceProvider.php @@ -2,6 +2,8 @@ namespace App\Providers; +use App\Ejaculation; +use App\Policies\EjaculationPolicy; use Illuminate\Foundation\Support\Providers\AuthServiceProvider as ServiceProvider; use Illuminate\Support\Facades\Gate; @@ -14,6 +16,7 @@ class AuthServiceProvider extends ServiceProvider */ protected $policies = [ 'App\Model' => 'App\Policies\ModelPolicy', + Ejaculation::class => EjaculationPolicy::class, ]; /**
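Review bot: In the first hunk of EjaculationController.php (the method that returns the `ejaculation.edit` view), `Auth::user()->cant('edit', $ejaculation)` calls a method on the return value of `Auth::user()`, which is null for an unauthenticated request. Unless these routes sit behind the `auth` middleware (not visible in this diff), a guest would get a fatal error instead of a clean denial. The same three lines are repeated in the second hunk (the method that calls `Validator::make`) and in `destroy`. Going through the gate covers the no-user case and removes the duplication: `$this->authorize('edit', $ejaculation);`, assuming the base Controller uses the AuthorizesRequests trait. The signatures of the first two methods lie outside their hunks, so which actions they are is inferred from the bodies.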
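Review bot: In the `destroy` hunk, deletion is gated on the `edit` ability, so any later loosening of the edit rule (for example, letting a moderator edit entries) would also grant the right to delete them. A separate ability keeps the two decisions independent: add a `delete` method to EjaculationPolicy with the same owner check and test `cant('delete', $ejaculation)` here. The body of `destroy` continues past the end of the hunk.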
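Review bot: In EjaculationPolicy.php, the owner check `id === $ejaculation->user_id` uses strict comparison, which is only correct if both values have the same PHP type. Eloquent normally casts an incrementing primary key to int, but a foreign key such as `user_id` can come back as a string on some database drivers unless the model casts it. In that case every owner would be refused with a 403. The Ejaculation model is not part of this diff, so this needs confirming; either add `'user_id' => 'integer'` to its casts or compare as `(int) $user->id === (int) $ejaculation->user_id`. Only the tail of this 27-line file appears on the page, so the method name and signature could not be reviewed.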